
stop the ddos somehow

Posted: Mon Apr 15, 2019 1:15 am
by Super Aggro Crag
i wanna play

Re: stop the ddos somehow

Posted: Mon Apr 15, 2019 1:19 am
by oranges

Re: stop the ddos somehow

Posted: Mon Apr 15, 2019 5:40 am
by D&B
When you code it

Re: stop the ddos somehow

Posted: Mon Apr 15, 2019 6:00 am
by Yakumo_Chen
Pick the free one?

Re: stop the ddos somehow

Posted: Mon Apr 15, 2019 9:45 pm
by oranges
Yakumo_Chen wrote:Pick the free one?
the free tier we are using is being swamped by the DDOS

Re: stop the ddos somehow

Posted: Mon Apr 15, 2019 10:06 pm
by terranaut
oranges wrote:
Yakumo_Chen wrote:Pick the free one?
the free tier we are using is being swamped by the DDOS
just pick it 5 times and stack it lol

Re: stop the ddos somehow

Posted: Mon Apr 15, 2019 11:53 pm
by Cobby
D&B wrote:When you code it

Re: stop the ddos somehow

Posted: Tue Apr 16, 2019 9:03 am
by Retardedgrayshit
hjkghjkghjkghjkghjk

Re: stop the ddos somehow

Posted: Tue Apr 16, 2019 11:17 am
by oranges
this, this is salt

Re: stop the ddos somehow

Posted: Tue Apr 16, 2019 6:03 pm
by Super Aggro Crag
Retardedgrayshit wrote:Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time
More like dan gay

Re: stop the ddos somehow

Posted: Wed Apr 17, 2019 6:33 pm
by peoplearestrange
Retardedgrayshit wrote:Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time
Is this more salt than the time someone printed out a pic of anon and literally shit on it? It's certainly on a par. Either way they both need you to handle your own poop to clean up.

Re: stop the ddos somehow

Posted: Wed Apr 17, 2019 8:10 pm
by PKPenguin321
peoplearestrange wrote:
Retardedgrayshit wrote:Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time
Is this more salt than the time someone printed out a pic of anon and literally shit on it? It's certainly on a par. Either way they both need you to handle your own poop to clean up.
It's bait

Re: stop the ddos somehow

Posted: Fri Apr 19, 2019 2:54 am
by MisterPerson
Super Aggro Crag wrote:
Retardedgrayshit wrote:Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time
More like dan gay
Woah calm down there Crag, your cunning wit's gonna kill someone.

Re: stop the ddos somehow

Posted: Fri Apr 19, 2019 5:54 am
by carshalash
Retardedgrayshit wrote:Hey Dan Gar here just wanted to say i hope your shitty server gets ddosed until the end of time
Aren't you that guy that would hound admins every round for free antag?

Re: stop the ddos somehow

Posted: Fri Apr 19, 2019 11:06 am
by Plapatin
peoplearestrange wrote:
Retardedgrayshit wrote:snip
Is this more salt than the time someone printed out a pic of anon and literally shit on it? It's certainly on a par. Either way they both need you to handle your own poop to clean up.
holy shit it's been a while i thought you died

Re: stop the ddos somehow

Posted: Fri Apr 19, 2019 9:13 pm
by Electronics
Can we not get whatever ISP we have to block the sources of the ddos?

Re: stop the ddos somehow

Posted: Fri Apr 19, 2019 9:32 pm
by Qbmax32
We believe it's a botnet

Re: stop the ddos somehow

Posted: Fri Apr 19, 2019 9:42 pm
by Super Aggro Crag
get the ion rifle then dip STICK

Re: stop the ddos somehow

Posted: Sat Apr 20, 2019 2:08 pm
by Super Aggro Crag
LaKiller8 wrote:Just flip off the "Allow DDoS" switch smh MSO is so lazy
Well it is weedsmas

Re: stop the ddos somehow

Posted: Sun Apr 21, 2019 10:59 pm
by MrStonedOne
The source address of an Internet Protocol packet is spoofable. The only protection against this is the fact that establishing a connection requires a 3-way handshake, and if you spoof the source address you don't get the 2nd packet, so you can't properly respond with the final 3rd packet.

What we are getting is a massive flood of spoofed packets to the tune of 1 to 5 million packets a second, depending on what they can afford at that time.

The source address of these packets is spoofed; during a 10,000 packet sample taken during one of the DDoSes, there were 9946 unique source IP addresses.
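
Added example, not part of the original post or of any /tg/ tooling: the two measurements the post relies on, run over a capture sample. It reports the share of unique claimed source addresses and how many sources returned a third handshake packet that echoes the server's sequence number. The packets, addresses, port and function names are constructed for illustration, and the flood is assumed to be SYN packets.

```python
import ipaddress
from collections import Counter, namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags seq ack")
SERVER, PORT = "203.0.113.10", 1337   # constructed server address and port

def summarize(packets, server=SERVER):
    """Count inbound sources and which of them returned a valid third packet."""
    per_source = Counter()   # inbound packets per claimed source address
    expected_ack = {}        # (client, port) -> server ISN + 1 from our SYN-ACK
    verified = set()         # sources that proved they receive our replies
    for p in packets:
        if p.src == server and p.flags == "SA":
            expected_ack[(p.dst, p.dport)] = (p.seq + 1) % 2**32
        elif p.dst == server:
            per_source[p.src] += 1
            # Only a host that really received the SYN-ACK knows this number.
            if p.flags == "A" and expected_ack.get((p.src, p.sport)) == p.ack:
                verified.add(p.src)
    total = sum(per_source.values())
    return {
        "packets": total,
        "unique_sources": len(per_source),
        "unique_ratio": round(len(per_source) / total, 4) if total else 0.0,
        "verified_sources": len(verified),
    }

def constructed_sample():
    """Constructed capture: 1000 flood SYNs plus 3 clients that finish the handshake."""
    base = int(ipaddress.IPv4Address("198.18.0.0"))   # benchmarking range, RFC 2544
    pkts = []
    for i in range(1000):
        src = str(ipaddress.IPv4Address(base + (i % 995) * 37))
        pkts.append(Packet(src, 40000, SERVER, PORT, "S", i, 0))
        # The server's reply goes to the claimed address and is never answered.
        pkts.append(Packet(SERVER, PORT, src, 40000, "SA", 5000 + i, i + 1))
    for n in range(3):
        src, isn = f"192.0.2.{n + 1}", 900000 + n
        pkts.append(Packet(src, 50000, SERVER, PORT, "S", 100, 0))
        pkts.append(Packet(SERVER, PORT, src, 50000, "SA", isn, 101))
        pkts.append(Packet(src, 50000, SERVER, PORT, "A", 101, isn + 1))
        pkts += [Packet(src, 50000, SERVER, PORT, "PA", 101, isn + 1)] * 5
    return pkts

if __name__ == "__main__":
    print(summarize(constructed_sample()))
```

A unique-source ratio close to 1 combined with almost no verified sources is the pattern the post describes; real player traffic shows few sources, each sending many packets after a completed handshake.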

Re: stop the ddos somehow

Posted: Mon Apr 22, 2019 5:10 am
by D&B
Dumb pindosi

Re: stop the ddos somehow

Posted: Mon Apr 22, 2019 5:27 pm
by peoplearestrange
MrStonedOne wrote:The source address of an Internet Protocol packet is spoofable. The only protection against this is the fact that establishing a connection requires a 3-way handshake, and if you spoof the source address you don't get the 2nd packet, so you can't properly respond with the final 3rd packet.

What we are getting is a massive flood of spoofed packets to the tune of 1 to 5 million packets a second, depending on what they can afford at that time.

The source address of these packets is spoofed; during a 10,000 packet sample taken during one of the DDoSes, there were 9946 unique source IP addresses.
It's kinda amazing (read: sad) that someone is spending their (or their parents') hard-earned cash to make a game server suffer for a while. Because that's all it is, an annoying inconvenience. Eventually they will get bored, run out of money, or we'll find a way to stop it.

They think they are self-righteous, we think they'll be forgotten.
Plapatin wrote:holy shit it's been a while i thought you died
Na I'm still alive, just been doing other stuff non SS13, though like us all, we come back eventually.

Re: stop the ddos somehow

Posted: Mon Apr 22, 2019 8:20 pm
by FuttBucker
peoplearestrange wrote:
MrStonedOne wrote:The source address of an Internet Protocol packet is spoofable. The only protection against this is the fact that establishing a connection requires a 3-way handshake, and if you spoof the source address you don't get the 2nd packet, so you can't properly respond with the final 3rd packet.

What we are getting is a massive flood of spoofed packets to the tune of 1 to 5 million packets a second, depending on what they can afford at that time.

The source address of these packets is spoofed; during a 10,000 packet sample taken during one of the DDoSes, there were 9946 unique source IP addresses.
It's kinda amazing (read: sad) that someone is spending their (or their parents') hard-earned cash to make a game server suffer for a while. Because that's all it is, an annoying inconvenience. Eventually they will get bored, run out of money, or we'll find a way to stop it.

They think they are self-righteous, we think they'll be forgotten.
Plapatin wrote:holy shit it's been a while i thought you died
Na I'm still alive, just been doing other stuff non SS13, though like us all, we come back eventually.
https://en.wikipedia.org/wiki/Hanlon%27s_razor
"Never attribute to malice that which can be easily explained by human stupidity."

They're not DDoS-ing the hosts in some effort to cause a massive problem for hundreds of people or to somehow gain an upper hand.
They're doing it because "it's funny."
It's like choosing to play an assistant because you want to play Antag, but when you don't get antag you decide to "do dumb fun things" as an assistant which ends up pissing off half the station.

On a related topic, reverse proxies are an absolutely wonderful way to help mitigate DDoS attacks; has any consideration been given to standing up an nginx reverse proxy for the purposes of DDoS mitigation? Or would the BYOND engine have an aneurysm over the concept?

Re: stop the ddos somehow

Posted: Wed Apr 24, 2019 4:27 am
by MrStonedOne
A network of reverse TCP proxies was an idea we discussed to stop the attacks; we can even do validation by just putting a stub BYOND world that whitelists the IP and redirects to the whitelisted port. The hard part is the cost of the other nodes. You can kinda abuse VPSes and the fact they all come with some amount of bandwidth at a cheaper cost than buying it directly, subsidised by the fact that most of the clients don't use much of their allotment, but mis-plan the capacity and you're looking at some costly invoices.

Let's say you get 13 Amazon Lightsail instances at $3.5 a month each, $45.5 total, one for each AWS region; that's 13TB a month of included bandwidth usage.

This month so far, /tg/ has used 37037.29 GB of bandwidth, most of that from the ddos, and it's only the 23rd.

At 0.09 USD/GB for bandwidth overages, that would be $2,135.28 in overages.

Upgrade the nodes, get the 2TB for $5 a month, and now you have 26TB of capacity for $65 total a month. That's still not 37TB of capacity.

$937.20 overage fee

It doesn't make sense to scale the nodes up at this point; 10 bucks only gets you 3TB, it's cheaper to scale them out. 7 more $5 nodes in the 7 popular regions for a total of $100 a month for 40TB of capacity.

This is also the max amount of Lightsail nodes you can have in one AWS account, before they force you to use EC2 instances that have no included bandwidth. There are other providers with about the same pricing, just not one with nodes in all the same regions as AWS, and doesn't tie in as nicely to Route 53's latency-based domain records to do the actual GeoIP routing.

Still, that's $100/month to (hopefully) cover the DDoS, and given current usage, and the fact the DDoS hasn't been happening all month, it would very likely still break past 40TB in one month.

That's not to say building this system wouldn't have other benefits. Overall ping would drop because the routes would be better than home ISP routes.

Even now, pinging my personal IP from the server, and pinging the server from my computer, show two different routes, and a ping drop from 60ms to 45ms, and I'm only two states away from the server. Data centers generally optimize for better routes. Home ISPs instead keep the traffic in network for longer, bouncing from connected region to connected region, optimizing for the cheaper route when it finally leaves their network.

Hit 420 on the Patreon (or hell, hit 365) and I'll be able to do it. It's not like I can't turn off the nodes if it looks like it's about to go over.